beautiful-mermaid

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The render script (scripts/render.ts) will install and import the "beautiful-mermaid" package at runtime (via npm/bun), causing execution of remotely fetched code from the npm registry URL https://registry.npmjs.org/beautiful-mermaid/-/beautiful-mermaid-0.1.3.tgz, which is a required dependency and therefore presents a runtime code-execution risk.